Web Requests

The vast majority of the apps and websites we use every day communicate over the web. At the heart of that communication is HTTP — the Hypertext Transfer Protocol. In simple terms, HTTP is the language clients (browsers, mobile apps, scripts) and servers use to request and deliver resources (HTML pages, images, JSON APIs, files). …

Intro to Network Traffic Analysis

In today’s interconnected world, network traffic is constantly flowing between systems, applications, and users. Every packet that traverses a network contains valuable information — some of it benign, some of it sensitive, and sometimes even malicious. This is where network traffic analysis (NTA) comes into play. Whether you are on the defensive side (monitoring for …

Cracking Passwords with Hashcat

Introduction: Password cracking — the offline brute-force attacks you hear about — remains one of the most practical ways attackers gain unauthorized access. Many apps and systems hash or encrypt sensitive data so that plaintext passwords aren’t stored and intercepted credentials aren’t easily exposed during a man-in-the-middle attack. Password cracking tries to reverse that protection by …

LLM Output Attacks

One of the most common sources of security vulnerabilities comes from the improper handling of untrusted data. In traditional web security, this often leads to injection attacks. Some classic examples include: LLMs and Output-Based Attacks In this module, we’ll focus specifically on output attacks against text-based models like LLMs. In real-world deployments, however, the scope …

Prompt Injection Attacks

Large Language Models (LLMs) have become powerful tools in answering questions, creating content, and even solving complex problems. But here’s the secret: the quality of what you get depends heavily on what you give. That “what you give” is known as the prompt — the input that guides the model’s behavior. A well-crafted prompt doesn’t …

Introduction to Red Teaming AI

Introduction to Red Teaming AI and Machine Learning Systems: As Artificial Intelligence (AI) and Machine Learning (ML) become deeply integrated into modern technologies, securing these systems has emerged as a critical challenge. This module serves as a comprehensive introduction to red teaming AI deployments, offering learners a clear understanding of both the opportunities and the …

Applications of AI in InfoSec

Artificial Intelligence is rapidly transforming the field of cybersecurity, and understanding how to build and apply AI models is becoming an essential skill. This module serves as a hands-on introduction to AI in infosec, guiding learners through the full process of setting up an environment, working with data, and building models that can solve real-world …

Fundamentals of AI

Skills Assessment: Which probabilistic algorithm, based on Bayes’ theorem, is commonly used for classification tasks such as spam filtering and sentiment analysis, and is known for its simplicity, efficiency, and good performance in real-world scenarios? Naive Bayes is popular because it is simple, fast to train, and works very well for tasks like spam detection …

File Upload Attacks

Arbitrary file upload vulnerabilities rank among the most severe weaknesses in web applications. These flaws allow attackers to upload malicious files to the server, which can then be executed to run arbitrary commands on the back-end. In the worst cases, this can lead to full server compromise, affecting all hosted applications, exposing sensitive data, or …

Password Attacks

Passwords remain the most common form of authentication within corporate networks. However, when organizations fail to enforce strong password policies, users often fall back on weak, easy-to-remember choices. These weak passwords are prime targets for offline cracking and can be exploited by attackers to escalate privileges and gain deeper access. As penetration testers, we frequently …

Cross-Site Scripting (XSS)

Cross-Site Scripting (XSS) is one of the most prevalent vulnerabilities found in web applications. Exploiting an XSS flaw can let an attacker run arbitrary JavaScript in a user’s browser, potentially leading to full compromise of the web application when combined with other weaknesses. This module will guide you through identifying XSS vulnerabilities and demonstrating how …

File Inclusion

File Inclusion is one of those vulnerabilities that often hides in plain sight. At first, it might look like just another piece of functionality within a web application—allowing users to load files or dynamic content. However, when not handled securely, this feature can open the door to serious security risks. In simple terms, file inclusion …